cd75fe235d
providers/proxy: preserve URL-encoded path characters in redirect (cherry-pick #20476 to version-2026.2) ( #20482 )
...
providers/proxy: preserve URL-encoded path characters in redirect (#20476 )
Use r.URL.EscapedPath() instead of r.URL.Path when building the
redirect URL in redirectToStart(). The decoded Path field converts
%2F to /, which url.JoinPath then collapses via path.Clean, stripping
encoded slashes from the URL. EscapedPath() preserves the original
encoding, fixing 301 redirects that break apps like RabbitMQ which
use %2F in their API paths.
Co-authored-by: Brolywood <44068132+Brolywood@users.noreply.github.com >
2026-02-23 18:10:04 +01:00
3f1a0f83ca
outpost/proxyv2: revalidate auth if session fails to load ( #18063 )
2026-02-05 17:19:28 +00:00
85434710f3
root: update client-go generation ( #19762 )
2026-01-26 19:51:38 +01:00
9cb7c74e1c
internal: fix certificate not refetched if fingerprint changes ( #19761 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2026-01-26 17:07:35 +01:00
bc3a1f128b
providers/proxy: Fix incorrect comparison of redirect URL and CookieDomain ( #15686 )
...
* Fix incorect comparison of redirect URL and CookieDomain. Fixes #15685
According to docs, URL.Host contains the host and port, while Hostname
returns only the host without the port. CookieDomain obviously does not
contain the port. string.HasSuffix function is used, so if a port is set
in the redirect URL, this check always fails.
* Fixed missing parentheses
---------
Co-authored-by: Dewi Roberts <dewi@goauthentik.io >
2026-01-22 17:44:22 +00:00
3873f43ea3
outpost/proxyv2: fix stale session cookie causing 400 error in createState ( #19026 )
2026-01-13 10:52:42 -05:00
a479c79b34
internal/outpost: improve PostgreSQL connection options parsing ( #19118 )
...
* internal: Outpost's conn options should be base64 json
* correctly parse target_session_attrs + tests
* fix port handling to use env provided port
* add multiple port handling abilities to mirror the python config parser
---------
Co-authored-by: Duncan Tasker <tasatree@gmail.com >
2026-01-13 10:52:28 -05:00
1a4ae2f102
outpost/proxyv2: reduce max number of postgres connections ( #19211 )
2026-01-06 18:19:41 +00:00
4ac01724a5
rbac: Add show all to roles tab, add role tab to groups ( #19097 )
...
* improve sort order and inherit visual
* Update web/src/admin/groups/GroupViewPage.ts
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
Signed-off-by: Connor Peshek <connor@connorpeshek.me >
* Update web/src/admin/users/UserViewPage.ts
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
Signed-off-by: Connor Peshek <connor@connorpeshek.me >
* Update web/src/admin/roles/RelatedRoleList.ts
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
Signed-off-by: Connor Peshek <connor@connorpeshek.me >
* Update web/src/admin/roles/RelatedRoleList.ts
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
Signed-off-by: Connor Peshek <connor@connorpeshek.me >
* Update web/src/admin/roles/RelatedRoleList.ts
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
Signed-off-by: Connor Peshek <connor@connorpeshek.me >
* Update web/src/admin/roles/RelatedRoleList.ts
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
Signed-off-by: Connor Peshek <connor@connorpeshek.me >
* setup include inherited roles and fix returning nothing
* update api calls
* fix rendering error
* do not use set
* change from exception handling
* go off query param
* fix wording
* fix linting error for new group api structure
---------
Signed-off-by: Connor Peshek <connor@connorpeshek.me >
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
2026-01-05 23:14:44 +00:00
9ef7f706e9
internal: don't warn on empty outpost for embedded ( #18786 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-12-14 00:50:58 +01:00
15b93a5e9d
stages/identification: Add WebAuthn conditional UI (passkey autofill) support ( #18377 )
...
* add passkey_login to identification stage
* handle passkey auth in identification stage
* Add passkey settings in identification stage in the admin UI
* Add UI changes for basic passkey conditional login
* Fix linting
* rework
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update tests
* update admin form
* allow passing stage to validate_challenge_webauthn
* update flows/tests/test_inspector.py
* update for new field
* Fix linting
* update go solvers for identification challenge
* Refactor tests
* Skip mfa validation if user already authenticated via passkey at identification stage
* Add skip_if_passkey_authenticated option to authenticator validate stage and UI
* Add e2e test for passkey login conditional ui
* add policy
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Remove skip_if_passkey_authenticated
* fix blueprint
* Set backend so password stage policy knows user is already authenticated
* Set backend so password stage policy knows user is already authenticated
* fix linting
* slight tweaks
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* simplify e2e test
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Marcelo Elizeche Landó <marcelo@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2025-12-11 11:49:05 -03:00
3353db0d7f
outpost/proxyv2: more tests, fix pg password with spaces, and existing session on restart ( #18211 )
...
* outpost/proxyv2: handle PostgreSQL passwords with spaces and special characters
And modify / add some more tests and a bit of refactoring
* Potential fix for code scanning alert no. 268: Disabled TLS certificate check
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Dominic R <dominic@sdko.org >
* Revert "Potential fix for code scanning alert no. 268: Disabled TLS certificate check"
This reverts commit ead227a272jens@goauthentik.io >
---------
Signed-off-by: Dominic R <dominic@sdko.org >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2025-12-11 14:25:41 +00:00
f7e23295ed
core: add digraph group hierarchy ( #17050 )
...
* move imports
* core: add digraph group hierarchy
* move to permissions from Group or User to Role
* set group parents on frontend
* do not serialize `GroupParentageNode` directly
* core: enforce unique group name on database level
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use group parents in LDAP provider
* add user-role relationship control to frontend
* move materialized view to be more discoverable
* add guardian to mypy exceptions
* make `Role` a `ManagedModel`
* fixup! make `Role` a `ManagedModel`
* simplify `get_objects_for_user`
* fix flaky unit test
* rename `django-guardian` fork to `ak-guardian`
* add tests around users/groups/roles
* remove unused guardian config variable
* simplify guardian file structure
* clean up frontend
* initial docs
* remove `mode` from `InitialPermissions`
This is no longer needed, since users no longer directly have permissions.
* fixup! Merge branch 'main' into core/add-digraph-group-hierarchy
* clean up docs for managing permissions
* addendums from docs review
* fixup! Merge branch 'main' into core/add-digraph-group-hierarchy
* tweaks
* dewi and tana edits to docs
* tweak
* truly final tweaks, for now
* relabel Role Permissions table
* clarify button label
* fixup! Merge branch 'main' into core/add-digraph-group-hierarchy
* fixup! Merge branch 'main' into core/add-digraph-group-hierarchy
* merge migrations
* fixup! Merge branch 'main' into core/add-digraph-group-hierarchy
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Tana M Berry <tana@goauthentik.io >
2025-12-08 12:04:04 +01:00
1aff2c2b3a
providers/radius: revert fix inverted message authenticator validation ( #17855 ) ( #17915 )
...
Revert "providers/radius: fix inverted message authenticator validation (#17855 )"
This reverts commit 09e3301c8f
2025-11-03 16:10:41 +01:00
894db1237a
internal: add default go http server timeouts ( #17858 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-11-01 19:04:13 +01:00
09e3301c8f
providers/radius: fix inverted message authenticator validation ( #17855 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-11-01 17:58:48 +01:00
45d0c7c24b
web/a11y: Isolated Outpost Error Page ( #17683 )
...
* web: Remove external resources from error page.
* web: Remove home link.
2025-10-30 23:00:01 +00:00
ec00a918b3
outposts: update permissions more eagerly ( #17783 )
...
* wip
* wip
* a
* a
Signed-off-by: Dominic R <dominic@sdko.org >
* rm
* this
* rm test files
* cover one more case
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Dominic R <dominic@sdko.org >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2025-10-30 18:33:51 +01:00
9b6aa56df2
providers/radius: fix panic when no cert is configured ( #17762 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-10-28 15:42:11 +01:00
e7235732bb
providers/proxy: fix missing JWT/claims header ( #17759 )
...
* replace interface{} with any
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix raw token not saved to map or json
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* also fix proxy claims
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix test
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-10-28 15:14:07 +01:00
e2904d13a9
providers/proxy: add gorm logging ( #17758 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-10-28 14:39:47 +01:00
e9347e88e1
providers/proxy: drop headers with underscores ( #17650 )
...
drop any headers with underscores that we set in the remote system
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-10-22 15:19:34 +02:00
9847c3adc8
providers/proxy: fix missing postgres import ( #17582 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-10-21 00:09:54 +02:00
795a025af9
outpost/proxyv2: postgresstore: db/pool/misc cleanup and enhancement ( #17511 )
...
* wip
* Update internal/outpost/proxyv2/application/session_postgres_test.go
Signed-off-by: Dominic R <dominic@sdko.org >
* Update refresh.go
Co-authored-by: Jens L. <jens@goauthentik.io >
Signed-off-by: Dominic R <dominic@sdko.org >
---------
Signed-off-by: Dominic R <dominic@sdko.org >
Co-authored-by: Jens L. <jens@goauthentik.io >
2025-10-20 16:25:13 +02:00
06bfcf04e3
outpost/proxyv2: postgresstore: credential refresh ( #17414 )
...
* outpost/proxyv2: postgresstore: credential refresh
* wip
* mabye
* mabye fix
2025-10-15 15:22:27 +02:00
23357f45e9
*: remove Redis leftovers ( #17146 )
...
* *: remove Redis leftovers
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* more removal
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix leftover
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more removal
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix broken anchor
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* re-add redis for previous version migrations
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2025-10-11 01:46:53 +02:00
6dde8bdd4a
outpost: proxyv2: Use Postgres for the Embedded Outpost ( #16628 )
...
* wip
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Dominic R <dominic@sdko.org >
* remove testing files
* a
* wip
* pls
* pls2
* a
* Update authentik/providers/proxy/models.py
Co-authored-by: Jens L. <jens@beryju.org >
Signed-off-by: Dominic R <dominic@sdko.org >
* makemigrations
* pls
* pls1000
* dont migrate in go
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* set uuid
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix more test cases
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* better logging
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* set gorm nowfunc (gorm defaults to local time)
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* improve test db closing
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* move expiration to field
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* dont' manually set table
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* refactor tests more
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more refactor
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix em
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* postgres cleanup is done by worker
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update expiry and set expiring
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Dominic R <dominic@sdko.org >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens L. <jens@beryju.org >
2025-10-09 16:59:15 +02:00
68292fede2
enterprise/stages/mtls: Improve Email address extraction ( #17068 )
...
* enterprise/stages/mtls: improve email attribute extraction
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* return error from outpost flow executor correctly
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-09-28 19:28:52 +02:00
4ec785a598
core/api: Better naming for partial user/group serializer, optimise bindings ( #17022 )
...
* core: add index on Group.is_superuser (#17011 )
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update go code
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* also optimise bindings
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* typo
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove unused
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
2025-09-26 14:43:39 +02:00
9df7e50b8f
outposts/ldap: add pwdChangeTime attribute ( #17010 )
...
* outposts/ldap: add pwdChangeTime attribute
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* simplify
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2025-09-25 16:16:08 +02:00
e415d3b667
providers/ldap: add include_children parameter to cached search mode ( #16918 )
2025-09-25 14:41:33 +02:00
053c639aa8
outposts: fix flow executor when using subpath ( #16947 )
...
* Refer refConfig's URL
* Update internal/outpost/flow/executor.go
Co-authored-by: Jens L. <jens@beryju.org >
Signed-off-by: Katsushi Kobayashi <ikob@acm.org >
---------
Signed-off-by: Katsushi Kobayashi <ikob@acm.org >
Co-authored-by: Jens L. <jens@beryju.org >
2025-09-25 14:34:44 +02:00
df33b4d3e9
website: fix docs links ( #16926 )
...
* fix: add other docker-compose links
* fix: update other docs urls
2025-09-24 11:48:33 -04:00
1f81d234cb
enterprise/providers/radius: add EAP-TLS support ( #15702 )
...
* implement with library (backend)
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add outpost
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add basic docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add enterprise notice to certificate
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* clearer enterprise stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* idk
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-09-23 23:54:09 +02:00
a38239509b
root: Better version bump ( #14905 )
...
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
2025-08-12 13:50:12 +00:00
ffe767fe13
outpost: proxy: handle nil HTTP response in attemptBasicAuth function ( #13781 )
...
* outpost: proxy: handle nil HTTP response in attemptBasicAuth function
Fixes a nil pointer dereference that occurs when an HTTP request fails in the attemptBasicAuth function. Added additional checks to safely handle cases where the HTTP response or its body is nil.
* add defer res.Body.Close() to prevent resource leaks in basic auth
* oops
* this
* Revert "this"
This reverts commit 7f7d110291
2025-08-12 11:40:18 +01:00
7ed3fed5c3
outpost/proxyv2: add session cleanup for filesystem session store ( #15798 )
...
* proxyv2/filesystemstore: add persistent filesystem store to implement a session cleanup job
* proxyv2: add session cleanup for filesystem session store
2025-08-09 20:13:39 +01:00
ab1f87cfd6
core, providers/ldap: add parent/child groups to api and ldap results ( #14974 )
2025-08-04 14:29:16 +02:00
4b37829f67
providers/radius: set message authenticator ( #15635 )
...
* core: fix flow planner checking against wrong user when creating recovery link
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* validate incoming message authenticator
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-07-19 22:08:58 +02:00
790ae0c3d8
web: rework storybook for flow components and to make the design consistent ( #15415 )
...
* unrelated: improve schema for authenticator validate device class
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix static for storybook
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix flow interface for storybook
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rework storybooks
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix email authenticator icon
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix accidental nested flow card
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix webauthn padding partially
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix autosubmit
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make consent stage look good
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* clean
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add password stage
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start executor stories
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix invalid html
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix frame stage
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix design for device picker
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix most of the padding
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make it work
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use footer band for password recoery
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add prompt stage
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix table persistence
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-07-06 00:26:22 +02:00
5af2378738
outposts/ldap: Handle comma-separated attributes in LDAP search requests ( #15000 )
...
Closes https://github.com/goauthentik/authentik/issues/13539
When LDAP clients like Jira submit search requests with comma-separated attributes
(e.g., ["uid,cn,sn"] instead of ["uid", "cn", "sn"]), the LDAP outpost would return
an "Operations Error". Ths fix adds attribute normalization to properly handle
both formats by splitting comma separated attributes into individual entries.
Tests pass:
```
=== RUN TestNormalizeAttributes
=== RUN TestNormalizeAttributes/Empty_input
=== RUN TestNormalizeAttributes/No_commas
=== RUN TestNormalizeAttributes/Single_comma-separated_string
=== RUN TestNormalizeAttributes/Mixed_input
=== RUN TestNormalizeAttributes/With_spaces
=== RUN TestNormalizeAttributes/Empty_parts
=== RUN TestNormalizeAttributes/Single_element
=== RUN TestNormalizeAttributes/Only_commas
=== RUN TestNormalizeAttributes/Multiple_comma-separated_attributes
=== RUN TestNormalizeAttributes/Case_preservation
=== RUN TestNormalizeAttributes/Leading_and_trailing_spaces
=== RUN TestNormalizeAttributes/Real-world_LDAP_attribute_examples
=== RUN TestNormalizeAttributes/Jira-style_attribute_format
=== RUN TestNormalizeAttributes/Single_string_with_single_attribute
=== RUN TestNormalizeAttributes/Mix_of_standard_and_operational_attributes
--- PASS: TestNormalizeAttributes (0.00s)
--- PASS: TestNormalizeAttributes/Empty_input (0.00s)
--- PASS: TestNormalizeAttributes/No_commas (0.00s)
--- PASS: TestNormalizeAttributes/Single_comma-separated_string (0.00s)
--- PASS: TestNormalizeAttributes/Mixed_input (0.00s)
--- PASS: TestNormalizeAttributes/With_spaces (0.00s)
--- PASS: TestNormalizeAttributes/Empty_parts (0.00s)
--- PASS: TestNormalizeAttributes/Single_element (0.00s)
--- PASS: TestNormalizeAttributes/Only_commas (0.00s)
--- PASS: TestNormalizeAttributes/Multiple_comma-separated_attributes (0.00s)
--- PASS: TestNormalizeAttributes/Case_preservation (0.00s)
--- PASS: TestNormalizeAttributes/Leading_and_trailing_spaces (0.00s)
--- PASS: TestNormalizeAttributes/Real-world_LDAP_attribute_examples (0.00s)
--- PASS: TestNormalizeAttributes/Jira-style_attribute_format (0.00s)
--- PASS: TestNormalizeAttributes/Single_string_with_single_attribute (0.00s)
--- PASS: TestNormalizeAttributes/Mix_of_standard_and_operational_attributes (0.00s)
PASS
ok goauthentik.io/internal/outpost/ldap/search 0.194s
```
2025-06-11 18:16:40 +02:00
88fa7e37dc
outposts: Refactor session end signal and add LDAP support ( #14539 )
...
* outpost: promote session end signal to non-provider specific
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* implement server-side logout in ldap
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix previous import
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use better retry logic
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* log
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make more generic if we switch from ws to something else
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make it possible to e2e test WS
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix ldap session id
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* ok I actually need to go to bed this took me an hour to fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format; add ldap test
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix leftover state
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove thread
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use ws base for radius
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* separate test utils
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rename
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix missing super calls
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* websocket tests with browser 🎉
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add proxy test for sign out
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix install_id issue with channels tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix proxy basic auth test
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* big code dedupe
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* allow passing go build args
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* improve waiting for outpost
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rewrite ldap tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* ok actually fix the tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* undo a couple things that need more time to cook
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove unused lockfile-lint dependency since we use a shell script and SFE does not have a lockfile
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix session id for ldap
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix missing createTimestamp and modifyTimestamp ldap attributes
closes #10474
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-06-10 12:11:21 +02:00
dea2d67ceb
internal/outpost: fix incorrect usage of golang SHA API ( #14981 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-06-09 20:57:36 +02:00
b7417e77c7
outposts: remove duplicate startup/setup code, add pyroscope, make sentry not reconfigure every time ( #14724 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-06-07 03:01:00 +02:00
a306cecb73
providers/proxy: add option to override host header with property mappings ( #14927 )
2025-06-06 14:54:59 +02:00
57f25a97c9
providers/ldap: retain binder and update users instead of re-creating ( #14735 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-05-28 13:43:35 +02:00
65517f3b7f
enterprise/stages: Add MTLS stage ( #14296 )
...
* prepare client auth with inbuilt server
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* introduce better IPC auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* init
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start stage
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* only allow trusted proxies to set MTLS headers
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more stage progress
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* dont fail if ipc_key doesn't exist
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* actually install app
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add some tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update API
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix unquote
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix int serial number not jsonable
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* init ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated: fix git pull in makefile
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix parse helper
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add test for outpost
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more tests and improvements
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* improve labels
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add support for multiple CAs on brand
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add support for multiple CAs to MTLS stage
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* dont log ipcuser secret views
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix go mod
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-05-19 22:48:17 +02:00
7826e7a605
core: bump oss/go/microsoft/golang from 1.23-fips-bookworm to 1.24-fips-bookworm ( #13027 )
...
* core: bump oss/go/microsoft/golang
Bumps oss/go/microsoft/golang from 1.23-fips-bookworm to 1.24-fips-bookworm.
---
updated-dependencies:
- dependency-name: oss/go/microsoft/golang
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com >
* upstream docker image, use native fips
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* bump go version
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: dependabot[bot] <support@github.com >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2025-03-30 03:26:30 +02:00
5bcf501842
outposts/ldap: fix paginator going into infinite loop ( #13677 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-03-27 00:05:43 +01:00
84b5992e55
ci: bump golangci/golangci-lint-action from 6 to 7 ( #13661 )
...
* ci: bump golangci/golangci-lint-action from 6 to 7
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action ) from 6 to 7.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases )
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v6...v7 )
---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
* fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix v2
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix v3
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: dependabot[bot] <support@github.com >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2025-03-26 18:03:20 +01:00
authentik-automation[bot]
Chetan Sarva
Marc 'risson' Schmitt
Jens L.
Vít Skalický
Dominic R
Connor Peshek
Marcelo Elizeche Landó
Simonyi Gergő
Teffen Ellis
Daniel Adu-Gyan
Katsushi Kobayashi
Marco Lecheler
Tom Neuber
dependabot[bot]